This update addresses a potential ‘Clickjacking’ issue in Flash Player. Clickjacking is an issue in multiple web browsers that could allow an attacker to lure a web browser user into unknowingly clicking on a link or dialog. This update helps prevent a Clickjacking attack on a Flash Player user’s camera and microphone. (CVE-2008-4503)

This update includes further changes to enhance Flash Player’s interpretation of cross-domain policy files. These changes could help prevent privilege escalation attacks against web servers hosting Flash content and cross-domain policy files. For more information, see the following section of the “Adobe Flash Player 10 Security Changes” Adobe Developer Connection article. (CVE-2007-6243)

This update introduces functionality to further mitigate a potential port-scanning issue. For more information, see the following Adobe Developer Connection article. (CVE-2007-4324)

This update introduces changes to the Clipboard API that will prevent potential ‘Clipboard attacks’. For more information, see the following section of the "Adobe Flash Player 10 Security Changes" Adobe Developer Center article. (CVE-2008-3873)

This update introduces changes to the FileReference upload and download APIs to require user interaction. For more information, see the following section of the “Adobe Flash Player 10 Security Changes” Adobe Developer Connection article. (CVE-2008-4401)